authorTim J. Robbins <tjr@FreeBSD.org>2003-02-23 07:37:47 +0000
committerTim J. Robbins <tjr@FreeBSD.org>2003-02-23 07:37:47 +0000
commit73657eba917a13e7cf01316c75bf4cf987ae23f7 (patch)
treefbeeb3e7c9094766c3376987ba0be6c26eaf7e13 /sbin/gbde
parenteb73a605cd2213db74496820092c4564ca4977c7 (diff)
Fix two unsafe uses of sprintf().
Notes
Notes: svn path=/head/; revision=111298
Diffstat (limited to 'sbin/gbde')
-rw-r--r--sbin/gbde/gbde.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/sbin/gbde/gbde.c b/sbin/gbde/gbde.c
index 5fbab19626e3..4e6dd26e7814 100644
--- a/sbin/gbde/gbde.c
+++ b/sbin/gbde/gbde.c
@@ -491,7 +491,9 @@ cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char
p = getenv("EDITOR");
if (p == NULL)
p = "vi";
- sprintf(cbuf, "%s %s\n", p, q);
+ if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >=
+ (ssize_t)sizeof(cbuf))
+ errx(1, "EDITOR is too long");
system(cbuf);
}
i = open(q, O_RDONLY);
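Review bot: The new length check in cmd_init does not cover a negative return from snprintf(): an error value compares below `(ssize_t)sizeof(cbuf)`, so execution still reaches `system(cbuf)` with whatever the buffer holds. Capturing the result and testing `if (n < 0 || (size_t)n >= sizeof(cbuf))` closes that gap; the same comparison is used for `buf` in the main() hunk. The message "EDITOR is too long" is also misleading when `q` is what overflows. Because the string is handed to the shell, `q` and `EDITOR` are word-split and metacharacter-expanded; where `q` comes from is outside this hunk, so either confirm it cannot contain such characters or start the editor with an exec-family call and an explicit argv. cmd_init's body starts and ends outside the hunk.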
@@ -749,8 +751,11 @@ main(int argc, char **argv)
if (doopen) {
dfd = open(dest, O_RDWR | O_CREAT, 0644);
if (dfd < 0) {
- sprintf(buf, "%s%s", _PATH_DEV, dest);
- dfd = open(buf, O_RDWR | O_CREAT, 0644);
+ if (snprintf(buf, sizeof(buf), "%s%s",
+ _PATH_DEV, dest) >= (ssize_t)sizeof(buf))
+ errno = ENAMETOOLONG;
+ else
+ dfd = open(buf, O_RDWR | O_CREAT, 0644);
}
if (dfd < 0)
err(1, "%s", dest);
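Review bot: The fallback `open(buf, O_RDWR | O_CREAT, 0644)` keeps O_CREAT for the `_PATH_DEV`-prefixed path, so a mistyped device name would presumably create a world-readable regular file under the device directory instead of failing, when the tool runs with enough privilege. If creation is only meant for the literal `dest` path, the fallback could be `dfd = open(buf, O_RDWR);`. Separately, `err(1, "%s", dest)` prints the bare name even when the prefixed path is the one that failed or was too long; a comment such as `/* errno may come from the _PATH_DEV attempt; message names dest only */` would make that explicit. main()'s body continues outside the hunk.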